openssl: tls connection fails when server uses brainpool certificate
This used to work (1.0.2) but no longer does (1.1.1):
$ openssl s_server -accept 1234 -cert cert_server_self_signed_ec.pem -key private_key_server_self_signed_ec.pem
Using default temp DH parameters
ACCEPT
ERROR
140293524313920:error:14201076:SSL routines:tls_choose_sigalg:no suitable signature algorithm:ssl/t1_lib.c:2589:
shutting down SSL
CONNECTION CLOSED
$ openssl s_client -connect localhost:1234
CONNECTED(00000005)
140600407316288:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1528:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 311 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
$ cat cert_server_self_signed_ec.pem
$ cat private_key_server_self_signed_ec.pem
Private-Key: (384 bit)
ASN1 OID: brainpoolP384r1
About this issue
- State: closed
- Created 6 years ago
- Comments: 24 (24 by maintainers)
Commits related to this issue
- Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable. TLSv1.3 is more restrictive about the curve used. There must be a matching sig alg defined for that curve. Therefore if we are using some ... — committed to mattcaswell/openssl by mattcaswell 6 years ago
- Don't negotiate TLSv1.3 if our EC cert isn't TLSv1.3 capable. TLSv1.3 is more restrictive about the curve used. There must be a matching sig alg defined for that curve. Therefore if we are using some ... — committed to openssl/openssl by mattcaswell 6 years ago
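The version-selection rule those commits describe, as a simplified stand-alone C model (an added example, not OpenSSL's source). The function names are hypothetical; the table holds the three ECDSA signature schemes of RFC 8446, and the model assumes the client also offers TLS 1.2 and ignores supported_groups.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not OpenSSL code. In TLS 1.3 (RFC 8446) each ECDSA
 * SignatureScheme fixes the curve; a TLS 1.2 sig alg names only hash + ECDSA. */
enum { NO_VERSION = 0, TLS1_2 = 0x0303, TLS1_3 = 0x0304 };

struct scheme { unsigned id; const char *curve; };
static const struct scheme tls13_ecdsa[] = {
    { 0x0403, "prime256v1" },  /* ecdsa_secp256r1_sha256 */
    { 0x0503, "secp384r1"  },  /* ecdsa_secp384r1_sha384 */
    { 0x0603, "secp521r1"  },  /* ecdsa_secp521r1_sha512 */
};

/* Return the TLS 1.3 scheme usable with this cert curve, or 0 if none. */
unsigned tls13_scheme_for_curve(const char *curve)
{
    for (size_t i = 0; i < sizeof tls13_ecdsa / sizeof tls13_ecdsa[0]; i++)
        if (strcmp(tls13_ecdsa[i].curve, curve) == 0)
            return tls13_ecdsa[i].id;
    return 0;
}

/* Behaviour as reported: the version is chosen first, then the signature
 * algorithm lookup fails and the handshake is aborted. */
unsigned negotiate_before_fix(const char *curve, unsigned client_max)
{
    unsigned v = client_max >= TLS1_3 ? TLS1_3 : TLS1_2;
    if (v == TLS1_3 && tls13_scheme_for_curve(curve) == 0)
        return NO_VERSION;  /* "no suitable signature algorithm" */
    return v;
}

/* Behaviour described by the commit: skip TLS 1.3 when the EC cert has no
 * matching TLS 1.3 sig alg (assumes the client also offers TLS 1.2). */
unsigned negotiate_after_fix(const char *curve, unsigned client_max)
{
    if (client_max >= TLS1_3 && tls13_scheme_for_curve(curve) != 0)
        return TLS1_3;
    return TLS1_2;
}

int main(void)
{
    const char *c[] = { "secp384r1", "brainpoolP384r1" };
    for (int i = 0; i < 2; i++)
        printf("%s: before=0x%04x after=0x%04x\n", c[i],
               negotiate_before_fix(c[i], TLS1_3), negotiate_after_fix(c[i], TLS1_3));
    return 0;
}
```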
With due apologies for this level of nitpicking, but these codepoint assignments are made by IANA, which is not part of the IETF.